From d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f Mon Sep 17 00:00:00 2001
From: hbratko <hbratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Wed, 22 Aug 2007 09:27:06 +0000
Subject: Evaluate result from signature manifest check and throw exception if
 an error code is returned (transforms within signature do not match expected
 transforms from profile) - only in the case of AUTHBlock verification.

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@923 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../id/auth/validator/VerifyXMLSignatureResponseValidator.java   | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 1f2ebc37c..d5650b897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -92,9 +92,12 @@ public class VerifyXMLSignatureResponseValidator {
     }
     
     
-    // TODO See Bug #322
-    // Check result of SignatureManifestCheck
-    
+    // Check the signature manifest only when verifying the signed AUTHBlock
+    if (whatToCheck.equals(CHECK_AUTH_BLOCK)) {
+      if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) {
+        throw new ValidateException("validator.50", null);
+      }
+    }
     
     //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
     if (identityLinkSignersSubjectDNNames != null) {
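Review bot: The new guard `getSignatureManifestCheckCode() > 0` lets every non-positive value through, so if the getter yields 0 or a negative default when the response carries no manifest check result (not visible in this hunk; confirm against the response parser), an AUTHBlock whose transforms were never compared with the profile would still be accepted. Because this check is what ties the signed AUTHBlock to the expected transforms, it should fail closed, for example `if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() != 0) {`, and a response lacking the result should be rejected if the parser can distinguish that case. `whatToCheck.equals(CHECK_AUTH_BLOCK)` throws a NullPointerException when `whatToCheck` is null; `CHECK_AUTH_BLOCK.equals(whatToCheck)` avoids that, assuming the constant is a String as its use here suggests. The enclosing method starts and ends outside the hunk, so how `whatToCheck` is populated could not be checked here.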
-- 
cgit v1.2.3